Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Tracking down a client's port (http://www.velocityreviews.com/forums/t40518-tracking-down-a-clients-port.html)

Matt White 08-19-2005 02:59 PM

Tracking down a client's port
 
Newsgroup -

I have a network made up of 2950s and 3508s. There's six TCs, each with
a pile of 2950s connected together via GigaStack, and the closets are
connected together via the 3508s with fiber on a GBIC.

Every time I need to track down the port that a client is on (starting
only from the IP address), I have a rather lengthy procedure that I follow:

- Get on the first 3508 and ping the IP address.
- Look at the ARP table on the switch to find the MAC address.
- Look at the MAC address table to see which port the MAC is assigned
to. If a switch isn't connected to that port, I've found my port.
- Look at the CDP neighbors table to see which switch is connected to
the port the MAC address is connected to. (If it's on the GigaStack
link, this could take a while since you don't know WHICH switch in the
stack you're looking for.)
- Jump over to that switch, look at the MAC address table. If it's
connected to another switch, repeat until the end port is found.

This works, but it takes a while. Every time I do this I end up thinking
"You know, there has to be an easier way to do this..."

Is there? :)

- Matt

Joop van der Velden 08-19-2005 04:03 PM

Re: Tracking down a client's port
 
Matt White wrote:

> This works, but it takes a while. Every time I do this I end up thinking
> "You know, there has to be an easier way to do this..."
>
> Is there? :)


trace mac <mac address> <mac address>

--
Joop van der Velden - pe1dna@amsat.org



Matt White 08-19-2005 06:29 PM

Re: Tracking down a client's port
 
Joop van der Velden wrote:

> trace mac <mac address> <mac address>


"Error: Device has Multiple CDP neighbours on source port."

The device I'm looking for is on the GigaStack... so that is a correct
statement.

At least that'll be handy in places where we don't use a GigaStack.

- Matt

Rainer Nagel 08-25-2005 03:59 PM

Re: Tracking down a client's port
 
Hi Matt,

On Fri, 19 Aug 2005 10:59:18 -0400,
Matt White <mwhite@NOSPAMdonet.com> wrote:

> Every time I need to track down the port that a client is on (starting
> only from the IP address), I have a rather lengthy procedure that I follow:
>
> - Get on the first 3508 and ping the IP address.
> - Look at the ARP table on the switch to find the MAC address.
> - Look at the MAC address table to see which port the MAC is assigned
> to. If a switch isn't connected to that port, I've found my port.
> - Look at the CDP neighbors table to see which switch is connected to
> the port the MAC address is connected to. (If it's on the GigaStack
> link, this could take a while since you don't know WHICH switch in the
> stack you're looking for.)
> - Jump over to that switch, look at the MAC address table. If it's
> connected to another switch, repeat until the end port is found.
>
> This works, but it takes a while. Every time I do this I end up thinking
> "You know, there has to be an easier way to do this..."


I use a perl script for this.
The switchport description says which switch or host is connected on
this port so i don't need cdp.
And it can ask all routers and firewalls in our data center for their
arp tables.

Ciao
--
Rainer Nagel
Rainer.Nagel@tashrah.com
Duesseldorfer Linux User Group - http://www.dlug.de

Walter Roberson 08-25-2005 04:34 PM

Re: Tracking down a client's port
 
In article <slrndgrqmp.um4.rainer@ramoth.angor.de>,
Rainer Nagel <Rainer.Nagel@tashrah.com> wrote:
:I use a perl script for this.
:The switchport description says which switch or host is connected on
:this port so i don't need cdp.
:And it can ask all routers and firewalls in our data center for their
:arp tables.

Unfortunately this doesn't generalize to all vendors. For example,
the Nortel Baystack switch series (4x0 and 5510 both) do not have
any SNMP mechanism for retrieving the user-assigned switchport description:
instead one gets the system-generated description such as
"BayStack 450-24T - Unit 3 Port 7".

Even within Cisco, there is no way to assign a port description on
with PIX software at least up to 6.x.

Another challenge is that when you are working with a mix of devices,
there are -three- MAC tables you have to probe, not just one.
ifPhysAddress atPhysAddress ipNetToMediaEntry . And the format of
the result of the latter two of those is not consistant from device
type to device type. For example, in some cases (Nortel Accelar/Passport)
you have to do a binary decomposition of the port identifier in order
to find out what the portindex is.

Then there are challenges involving the devices lying or
returning incomplete results, with the -kind- of lying they do
dependant on whether you are using snmpget, snmpwalk, or snmpbulkget ...


All in all, it's a non-trivial effort to write -reliable- generalized
MAC probe scripts for homogenous devices. And you often still don't
get the information you are looking for because of ARP table timeouts...
--
This signature intentionally left... Oh, darn!


All times are GMT. The time now is 01:42 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.